Content Security Policy

Some applications enforce content security policies. You have to enable Product Fruits domains or domains for any 3rd party integration you might use. A typical example is videos on tour cards. Based on the video provider you use, you might want to enable also their domains.

For Product Fruits domains, use these CSPs:

script-src 'unsafe-inline' https://*.productfruits.com; 
connect-src https://*.productfruits.com; 
style-src 'unsafe-inline' https://*.productfruits.com; 
img-src data: https://*.productfruits.com https://productfruits-akamai.azureedge.net;
frame-src https://*.productfruits.com;

If you use our Giphy, Tenor, Typeform, or other integrations, you must also set their CSP properly.