Content-Security-Policy | default-src 'self'; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.criteo.com *.criteo.net *.pinterest.com s.ytimg.com www.youtube.com *.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.bing.com *.googleadservices.com static.criteo.net; style-src 'self' 'unsafe-inline' *.googleapis.com; connect-src 'self'; img-src 'self' *.msn.com *.bing.com *.google-analytics.com *.facebook.com sessionassets.blob.core.windows.net tssliveorders.blob.core.windows.net *.xx.fbcdn.net scontent.cdninstagram.com stats.g.doubleclick.net *.google.co.uk *.google.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.criteo.com *.facebook.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.co.uk; frame-ancestors 'self'; |