child-src https://vars.hotjar.com; connect-src https://*.indigo.ca *.omtrdc.net https://*.google.com wss://*.hotjar.com https://*.indigoimages.ca https://*.bluecore.com https://*.hotjar.com https://ds-aksb-a.akamaihd.net https://*.google.ca https://triggeredmail.appspot.com https://www.paypal.com www.chapters.indigo.ca https://kbepubs1-a.akamaihd.net https://bam.nr-data.net https://dpm.demdex.net; default-src https://static.masterpass.com https://assets.secure.checkout.visa.com https://*.ytimg.com https://www.paypalobjects.com 'self' https://*.youtube.com https://thm.visa.com https://*.iesnare.com; font-src https://*.gstatic.com https://*.webtype.com data: 'self' https://*.indigoimages.ca https://static.hotjar.com https://*.googleapis.com; frame-ancestors 'self'; frame-src https://indigo.taleo.net https://*.indigo.ca http://assessment.taleo.net https://*.facebook.com https://*.checkout.visa.com 'self' https://*.youtube.com https://*.doubleclick.net https://h.online-metrix.net/ blob: https://*.bazaarvoice.com https://masterpass.com https://indigo.demdex.net/ www.paypalobjects.com https://indigo.soapboxhq.com https://*.indigoimages.ca https://*.masterpass.com https://*.vimeo.com https://vars.hotjar.com https://snapwidget.com *.lrgrewards.com https://*.paypal.com https://*.google.ca https://*.facebook.net https://www.google.com https://cdn-akamai.mookie1.com https://*.google.com https://thm.visa.com https://display.ugc.bazaarvoice.com https://*.twitter.com https://www.buyatab.com; img-src data: https://*.facebook.com https://*.checkout.visa.com *.omtrdc.net https://insights.hotjar.com 'self' https://*.doubleclick.net https://www.offlinx.com https://*.online-metrix.net blob: https://notify.bugsnag.com https://gtrk.s3.amazonaws.com https://tracker.marinsm.com https://heapanalytics.com https://*.webtype.com www.paypalobjects.com https://*.pinimg.com *.indigoimages.ca https://cm.everesttech.net https://static.hotjar.com https://dpm.demdex.net https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.cdninstagram.com https://*.paypal.com https://kbimages1-a.akamaihd.net https://*.google.ca https://*.twimg.com https://t.co https://*.visa.com https://s3.amazonaws.com https://*.cloudfront.net https://*.google.com https://*.piwikpro.com *.nr-data.net *.bazaarvoice.com https://secure.adnxs.com https://*.twitter.com *.indigo.ca https://ds-aksb-a.akamaihd.net; report-uri report; script-src https://*.facebook.com https://*.checkout.visa.com *.omtrdc.net ajax.aspnetcdn.com 'self' https://*.youtube.com www.paypal.com 'unsafe-eval' https://script.hotjar.com blob: https://*.smartrecruiters.com https://mpsnare.iesnare.com https://*.ytimg.com https://googleads.g.doubleclick.net www.googleadservices.com www.paypalobjects.com https://fbstatic-a.akamaihd.net https://*.ads-twitter.com https://indigo.soapboxhq.com https://www.googletagmanager.com https://*.masterpass.com *.indigoimages.ca https://*.cloudflare.com https://cdn.heapanalytics.com 'unsafe-inline' https://static.hotjar.com https://maps.gstatic.com https://dpm.demdex.net tracker.marinsm.com https://www.bluecore.com https://*.googleapis.com https://*.iesnare.com https://api.pinterest.com https://*.gstatic.com https://ajax.aspnetcdn.com https://*.vimeo.com js-agent.newrelic.com https://*.facebook.net https://*.google.ca https://*.twimg.com https://script.crazyegg.com code.jquery.com https://*.richrelevance.com https://bam.nr-data.net https://s3.amazonaws.com https://*.cloudfront.net https://*.google.com https://api.instagram.com https://www.buyatab.com https://thm.visa.com *.bazaarvoice.com https://*.twitter.com *.indigo.ca https://ds-aksb-a.akamaihd.net; style-src https://*.bazaarvoice.com https://*.webtype.com https://*.gstatic.com https://masterpass.com https://*.google.com https://*.smartrecruiters.com 'self' https://*.indigoimages.ca https://*.masterpass.com 'unsafe-inline' https://*.google.ca blob: https://*.twitter.com https://*.googleapis.com; upgrade-insecure-requests; |