Content-Security-Policy-Report-Only | script-src 'self' 'unsafe-inline' 'unsafe-eval' dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.comenity.net *.optimizely.com *.cdngc.net *.iovation.com safari-extension://* chrome-extension://* *.jobscore.com js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com safari-extension://* chrome-extension://* *.comenity.net; connect-src 'self' *.optimizely.com; report-uri /Home/CSPReport; object-src 'self' *.cdngc.net *.wistia.com *.iovation.com; default-src 'self'; font-src *; img-src *; frame-src 'self' *.facebook.com *.googletagmanager.com *.comenity.net *.wistia.net safari-extension://* chrome-extension://* *.jobscore.com *.chartbeat.com |