Some applications enforce content security policies. You have to enable Product Fruits domains or domains for any 3rd party integration you might use. A typical example is videos on tour cards. Based on the video provider you use, you might want to enable also their domains.
For Product Fruits domains, use these CSPs:
script-src 'unsafe-inline' https://*.productfruits.com;
connect-src https://*.productfruits.com;
style-src 'unsafe-inline' https://*.productfruits.com;
img-src data: https://*.productfruits.com https://productfruits-akamai.azureedge.net;
frame-src https://*.productfruits.com;If you use our Giphy, Tenor, Typeform, or other integrations, you must also set their CSP properly.