CSP Data for: bloomingdales.com


upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; form-action connect.facebook.net *.bloomingdales.com 'self' *.fds.com www.facebook.com bloomingdales.ugc.bazaarvoice.com bloomingdales.com ct.pinterest.com fashion.bloomingdales.com www.bloomingdales.com m.bloomingdales.com customerservice.bloomingdales.com www.bloomingdalesfashionpacked.com syndication.twitter.com www.customerservice-bloomingdales.com www1.bloomingdales.com as00.estara.com locations.bloomingdales.com platform.twitter.com; media-src *.brightcove.com vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com blob: *.fds.com m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; form-action connect.facebook.net *.bloomingdales.com 'self' *.fds.com www.facebook.com bloomingdales.ugc.bazaarvoice.com bloomingdales.com ct.pinterest.com fashion.bloomingdales.com www.bloomingdales.com m.bloomingdales.com customerservice.bloomingdales.com www.bloomingdalesfashionpacked.com syndication.twitter.com www.customerservice-bloomingdales.com www1.bloomingdales.com as00.estara.com locations.bloomingdales.com platform.twitter.com; media-src *.brightcove.com vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com blob: *.fds.com m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; media-src *.brightcove.com vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com blob: *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com *.richrelevance.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com *.richrelevance.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com *.richrelevance.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 
default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com *.bloomingdales.com 'self' netdna.bootstrapcdn.com *.fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com *.webcollage.net fonts.gstatic.com cdnjs.cloudflare.com *.truefitcorp.com assets.bloomingdales.com origin.extole.io *.cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors 'self'; media-src *.brightcove.com *.fds.com vjs.zencdn.net *.cloudfront.net *.media.brightcove.com *.webcollage.net *.bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src *.brightcove.com players.brightcove.net vjs.zencdn.net *.cloudfront.net *.webcollage.net *.bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net *.fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri report; style-src *.shoprunner.com *.bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net *.fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com *.fiftyone.com api.cloudsponge.com *.truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com *.richrelevance.com www1.bloomingdales.com origin.extole.io *.cloudfront.net *.borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests; 
upgrade-insecure-requests; 

#	Time Frame	Framing Control	TLS Enforce	Content Control	'unsafe-inline'	http / https / *	data:	Diffs	Normalized Policy
0	2017-03-21 - 2017-06-02	False	True	False	False	False	False	0	upgrade-insecure-requests;
1	2017-06-04 - 2018-02-15	False	True	False	False	False	False	0	upgrade-insecure-requests;
2	2018-02-16 - 2018-02-23	False	True	True	True	True	True	93	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; form-action connect.facebook.net .bloomingdales.com 'self' .fds.com www.facebook.com bloomingdales.ugc.bazaarvoice.com bloomingdales.com ct.pinterest.com fashion.bloomingdales.com www.bloomingdales.com m.bloomingdales.com customerservice.bloomingdales.com www.bloomingdalesfashionpacked.com syndication.twitter.com www.customerservice-bloomingdales.com www1.bloomingdales.com as00.estara.com locations.bloomingdales.com platform.twitter.com; media-src .brightcove.com vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com blob: .fds.com m.bloomingdales.com; object-src* .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
3	2018-02-25 - 2018-03-06	False	True	True	True	True	True	0	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; form-action connect.facebook.net .bloomingdales.com 'self' .fds.com www.facebook.com bloomingdales.ugc.bazaarvoice.com bloomingdales.com ct.pinterest.com fashion.bloomingdales.com www.bloomingdales.com m.bloomingdales.com customerservice.bloomingdales.com www.bloomingdalesfashionpacked.com syndication.twitter.com www.customerservice-bloomingdales.com www1.bloomingdales.com as00.estara.com locations.bloomingdales.com platform.twitter.com; media-src .brightcove.com vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com blob: .fds.com m.bloomingdales.com; object-src* .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
4	2018-03-07 - 2018-03-29	False	True	False	False	False	False	93	upgrade-insecure-requests;
5	2018-03-30 - 2018-04-16	False	True	True	True	True	True	76	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; media-src .brightcove.com vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com blob: .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src* .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com secure.brightcove.com h.online-metrix.net metrics.brightcove.com .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com bloomingdales-dev.widget.custhelp.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net *.borderfree.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
6	2018-04-17 - 2018-05-04	True	True	True	True	True	True	11	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
7	2018-05-05 - 2018-05-15	False	True	False	False	False	False	81	upgrade-insecure-requests;
8	2018-05-16 - 2018-05-16	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
9	2018-05-17 - 2018-05-20	False	True	False	False	False	False	81	upgrade-insecure-requests;
10	2018-05-21 - 2018-05-21	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
11	2018-05-22 - 2018-05-23	False	True	False	False	False	False	81	upgrade-insecure-requests;
12	2018-05-24 - 2018-05-24	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
13	2018-05-25 - 2018-05-26	False	True	False	False	False	False	81	upgrade-insecure-requests;
14	2018-05-27 - 2018-05-27	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
15	2018-05-28 - 2018-06-14	False	True	False	False	False	False	81	upgrade-insecure-requests;
16	2018-06-15 - 2018-06-15	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
17	2018-06-16 - 2018-06-26	False	True	False	False	False	False	81	upgrade-insecure-requests;
18	2018-06-27 - 2018-06-30	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
19	2018-07-01 - 2018-07-01	False	True	False	False	False	False	81	upgrade-insecure-requests;
20	2018-07-02 - 2018-07-04	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
21	2018-07-05 - 2018-07-07	False	True	False	False	False	False	81	upgrade-insecure-requests;
22	2018-07-08 - 2018-07-18	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
23	2018-07-19 - 2018-07-27	False	True	False	False	False	False	81	upgrade-insecure-requests;
24	2018-07-28 - 2018-07-28	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
25	2018-07-29 - 2018-07-29	False	True	False	False	False	False	81	upgrade-insecure-requests;
26	2018-07-30 - 2018-07-31	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
27	2018-08-01 - 2018-08-01	False	True	False	False	False	False	81	upgrade-insecure-requests;
28	2018-08-02 - 2018-08-03	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
29	2018-08-04 - 2018-08-04	False	True	False	False	False	False	81	upgrade-insecure-requests;
30	2018-08-05 - 2018-08-05	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
31	2018-08-06 - 2018-08-06	False	True	False	False	False	False	81	upgrade-insecure-requests;
32	2018-08-07 - 2018-08-07	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
33	2018-08-08 - 2018-08-08	False	True	False	False	False	False	81	upgrade-insecure-requests;
34	2018-08-09 - 2018-08-09	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
35	2018-08-10 - 2018-08-11	False	True	False	False	False	False	81	upgrade-insecure-requests;
36	2018-08-12 - 2018-08-12	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
37	2018-08-13 - 2018-08-14	False	True	False	False	False	False	81	upgrade-insecure-requests;
38	2018-08-15 - 2018-08-15	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
39	2018-08-16 - 2018-08-17	False	True	False	False	False	False	81	upgrade-insecure-requests;
40	2018-08-18 - 2018-08-19	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
41	2018-08-20 - 2018-08-21	False	True	False	False	False	False	81	upgrade-insecure-requests;
42	2018-08-22 - 2018-08-23	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
43	2018-08-24 - 2018-08-28	False	True	False	False	False	False	81	upgrade-insecure-requests;
44	2018-08-29 - 2018-08-31	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
45	2018-09-01 - 2018-09-01	False	True	False	False	False	False	81	upgrade-insecure-requests;
46	2018-09-02 - 2018-09-03	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
47	2018-09-04 - 2018-09-04	False	True	False	False	False	False	81	upgrade-insecure-requests;
48	2018-09-05 - 2018-09-06	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
49	2018-09-07 - 2018-09-07	False	True	False	False	False	False	81	upgrade-insecure-requests;
50	2018-09-08 - 2018-09-11	True	True	True	True	True	True	81	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com .widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
51	2018-09-12 - 2018-09-13	False	True	False	False	False	False	81	upgrade-insecure-requests;
52	2018-09-14 - 2018-09-15	True	True	True	True	True	True	82	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com .richrelevance.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
53	2018-09-16 - 2018-09-16	False	True	False	False	False	False	82	upgrade-insecure-requests;
54	2018-09-17 - 2018-09-21	True	True	True	True	True	True	82	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com .richrelevance.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
55	2018-09-22 - 2018-09-23	False	True	False	False	False	False	82	upgrade-insecure-requests;
56	2018-09-24 - 2018-09-24	True	True	True	True	True	True	82	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com .richrelevance.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
57	2018-09-25 - 2018-09-26	False	True	False	False	False	False	82	upgrade-insecure-requests;
58	2018-09-27 - 2018-09-30	True	True	True	True	True	True	82	default-src data: * 'unsafe-inline' 'unsafe-eval' blob:; font-src data: cdn.joinhoney.com .bloomingdales.com 'self' netdna.bootstrapcdn.com .fds.com maxcdn.bootstrapcdn.com gateway.answerscloud.com storage.googleapis.com m.bloomingdales.com api.cloudsponge.com .webcollage.net fonts.gstatic.com cdnjs.cloudflare.com .truefitcorp.com assets.bloomingdales.com origin.extole.io .cloudfront.net sxt.cdn.skype.com themes.googleusercontent.com; frame-ancestors* 'self'; media-src .brightcove.com .fds.com vjs.zencdn.net .cloudfront.net .media.brightcove.com .webcollage.net .bloomingdales.com 'self' ssl.gstatic.com f1.media.brightcove.com blob: s-static.innovid.com brightcove.hs.llnwd.net m.bloomingdales.com; object-src .brightcove.com players.brightcove.net vjs.zencdn.net .cloudfront.net .webcollage.net .bloomingdales.com 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com h.online-metrix.net .fds.com brightcove.hs.llnwd.net m.bloomingdales.com; report-uri* report; style-src .shoprunner.com .bloomingdales.com 'self' libs.coremetrics.com assets.moovweb.net .fds.com bloomingdales.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com fonts.googleapis.com gateway.answerscloud.com storage.googleapis.com ln-rules.rewardstyle.com 'unsafe-inline' m.bloomingdales.com .fiftyone.com api.cloudsponge.com .truefitcorp.com bloomingdales.sspinc.io static.atgsvcs.com assets.bloomingdales.com .richrelevance.com www1.bloomingdales.com origin.extole.io .cloudfront.net .borderfree.com *.widget.custhelp.com bloomingdales.widget.custhelp.com s-static.innovid.com; upgrade-insecure-requests;
59	2018-10-01 - END	False	True	False	False	False	False	82	upgrade-insecure-requests;