We did add CSP in staging and run across xy.... domain blocked "because it does not appear in the connect-src directive of the Content Security Policy"
I would say they are from Imperva
I did search for an Imperva WAF whitelist to add to CSP but could not find anything only a page about Client-Side service
Is it possible to add a CSP to a website under Imperva WAF without Client-Side service?
#CloudWAF(formerlyIncapsula)------------------------------
Alain F.
------------------------------