default-src *.oney.fr; connect-src https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com *.oney.io https://oney-mobapp-web1.westeurope.cloudapp.azure.com:8080 https://dsstgmobapp.blob.core.windows.net https://saprdoney.blob.core.windows.net *.oney.fr *.contentsquare.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://logs13.xiti.com *.trustcommander.net *.commander1.net *.commander1.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kameleoon.com *.abtasty.com bat.bing.com https://web.valiuz.com https://analytics.valiuz.com *.facil-iti.com https://*.facil-iti.app https://digitalpindef-web.gemalto.com https://mfchnbk.pa-cd.com https://cookie-matching.mediarithmics.com *.appsflyer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://ajax.googleapis.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://player.ausha.co t.contentsquare.net app.contentsquare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://cdn.tagcommander.com *.trustcommander.net https://cdn.facil-iti.app https://*.kameleoon.eu https://*.kameleoon.com bat.bing.com www.dwin1.com https://web.valiuz.com https://analytics.valiuz.com *.abtasty.com https://cookie-matching.mediarithmics.com https://ib.adnxs.com https://*.doubleclick.net *.facil-iti.com https://digitalpindef-web.gemalto.com *.arcot.com https://mfchnbk.pa-cd.com *.my.salesforce.com *.appsflyer.com https://cdnjs.cloudflare.com; child-src blob:; font-src 'self' https: https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com; img-src 'self' https://www.googletagmanager.com https://dsstgmobapp.blob.core.windows.net https://saprdoney.blob.core.windows.net https://*.doubleclick.net 'unsafe-inline' data: *.contentsquare.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://*.kameleoon.eu https://*.kameleoon.com bat.bing.com editor-assets.abtasty.com oney.commander1.com *.inbenta.com *.arcot.com https://is1-ssl.mzstatic.com https://impressions.onelink.me; style-src 'self' https: 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://fonts.googleapis.com try.abtasty.com; worker-src https: blob:; frame-src 'self' https://*.doubleclick.net https://player.ausha.co https://*.dalenys.com https://dsstgmobapp.blob.core.windows.net https://saprdoney.blob.core.windows.net data: https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'self' *.usabilla.com *.oney.com *.oney.fr https://www.youtube.com *.facil-iti.app https://cdn.trustcommander.net; object-src https://dsstgmobapp.blob.core.windows.net https://saprdoney.blob.core.windows.net data: blob:; upgrade-insecure-requests;