default-src 'self' https://www.google-analytics.com 'unsafe-inline' content-security-policy: connect-src 'self' https://*.tesco.com https://*.optimizely.com https://*.tt.omtrdc.net https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.hotjar.com:* wss://*.hotjar.com https://pdx-col.eum-appdynamics.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://dpm.demdex.net https://*.zenaps.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tesco.com https://*.optimizely.com https://static.hotjar.com https://script.hotjar.com https://*.tt.omtrdc.net https://*.google-analytics.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://maps.googleapis.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://*.doubleclick.net https://adservice.google.co.in/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://adservice.google.co.uk/adsid/integrator.js https://adservice.google.ie/adsid/integrator.js https://*.googlesyndication.com/pagead/osd.js https://*.sociomantic.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://tagmanager.google.com https://www.googleadservices.com https://www.google.com/ads https://dpm.demdex.net https://*.omniture.com https://www.dwin1.com https://www.awin1.com https://*.zenaps.com 'nonce-7aec23a4c9ff60da624632fbc6f29e36'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' https://* data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://app.optimizely.com https://*.doubleclick.net; child-src 'self' https://*.doubleclick.net https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com; frame-src https://*.googleadservices.com https://*.googlesyndication.com https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com https://*.googletagservices.com https://*.doubleclick.net https://*.sociomantic.com https://testci.demdex.net/; object-src 'none'; base-uri 'self'; report-uri /ce-assets/csp-report-violation