Content-Security-Policy: default-src 'self' www.hsnstore.com www.hsnstore.com hsnstore.com *.redsys.es; form-action *.redsys.es *.amazon.es *.amazon.de bancsabadell.com unicaja.es openwaylet-pre.wayletlabs.com open.waylet.es www.paypal.com bitpay.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.com acs.revolut.com; img-src * data:; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.hsnstore.com *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com *.googletagmanager.com netdna.bootstrapcdn.com; script-src cdn.hsnstore.com 'unsafe-eval' 'self' 'unsafe-inline' blob *.queue-it.net *.cdn-apple.com *.payments-amazon.com www.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com static.criteo.net sslwidget.criteo.com widget.eu.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net *.gstatic.com seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com analytics.tiktok.com www.instagram.com tags.creativecdn.com accounts.google.com pay.google.com; font-src data: 'self' maxcdn.bootstrapcdn.com cdn.hsnstore.com www.hsnstore.com *.cdn-apple.com www.hsnstore.com fonts.gstatic.com netdna.bootstrapcdn.com; connect-src *.redsys.es *.redsys.es:25443 *.google-analytics.com *.queue-it.net *.googlesyndication.com *.saleago.com *.criteo.com *.facebook.com *.facebook.net maps.googleapis.com firehose.eu-central-1.amazonaws.com *.amazon.com www.google-analytics.com www.google.com *.salesmanago.pl www.salesmanago.es www.hsnstore.com www.hsnstore.com www.facebook.com *.g.doubleclick.net graph.facebook.com api.paycomet.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com identitytoolkit.googleapis.com securetoken.googleapis.com www.google.es sandbox.sequracdn.com live.sequracdn.com analytics.tiktok.com ams.creativecdn.com pay.google.com google.com; frame-src www.hsn-online.com hsnonline.com www.salesmanago.pl *.criteo.com td.doubleclick.net www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.com live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com gum.criteo.com static.criteo.net sandbox.sequrapi.com sandbox.sequracdn.com live.sequracdn.com www.instagram.com ams.creativecdn.com pay.google.com *.redsys.es; object-src *.hsnstore.com; report-uri https://www.hsnstore.com/reportcsp/;