Content-Security-Policy: default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ https://pay.google.com/ https://*.paysafe.com https://api.test.paysafe.com https://applepay.cdn-apple.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com https://fonts.googleapis.com/css; report-uri https://pcipal.report-uri.com/r/d/csp/enforce; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/ https://google.com/pay https://www.google.com/pay https://www.google.com/recaptcha/ https://pay.google.com/ https://*.paysafe.com https://api.test.paysafe.com; font-src * data:; object-src 'none';

Content-Security-Policy-Report-Only: default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ https://pay.google.com/ https://*.paysafe.com https://api.test.paysafe.com https://applepay.cdn-apple.com/ https://www.datadoghq-browser-agent.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com https://fonts.googleapis.com/css; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/ https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://www.google.com/recaptcha/ https://*.paysafe.com https://api.test.paysafe.com https://browser-intake-datadoghq.eu/; font-src * data:; object-src 'none';