Some applications enforce content security policies (CSP). You have to enable Product Fruits domains or domains for any 3rd party integration you might use. A typical example is videos on tour cards. Based on the video provider you use, you might want to enable also their domains.
For Product Fruits domains, use these CSPs:
script-src 'unsafe-inline' https://*.productfruits.com;
connect-src https://*.productfruits.com wss://*.productfruits.com;
connect-src https://productfruits.help/
style-src 'unsafe-inline' https://*.productfruits.com;
img-src data: https://*.productfruits.com;
frame-src https://*.productfruits.com;
media-src blob:;If you use our Giphy, Tenor, Typeform, or other integrations, you must also set their CSP properly.