C — https://lilly.com | BeaverCheck Audit

Site Health

Score: 71 / 100

Based on 8 categories, 0 sections

Decent speed, but optimizing further could improve engagement.

Several missing protections leave your users and data exposed.

Several issues make your site difficult for assistive technology users.

Missing signals may be hurting your search visibility.

Solid infrastructure — fast server responses across the board.

Mostly compliant — a few items need attention.

Missing metadata means poor previews on social media and search.

Heavier than average — reducing page weight saves energy and bandwidth.

How is this calculated?

The overall score is a weighted average of individual category scores. Categories with more impact on user experience and security carry more weight.

Performance 25%Security 25%Accessibility 15%SEO 10%Infrastructure 10%Compliance 8%Content 5%Sustainability 2%

Weights reflect general web best practices. Individual needs may differ.

How the composite score is calculated

How you compare

AngularJS · 344 peers

You 71

Avg 73

At average

0 50 100

Better than 24% of AngularJS sites See full AngularJS benchmark →

Apple · 1044 peers

You 71

Avg 72

At average

0 50 100

Better than 22% of Apple sites See full Apple benchmark →

Top Priorities (5)

Content-Security-Policy header is missing

Security gaps expose your site and users to attacks, eroding trust.

Security › Security Headers

HSTS header is missing

Security gaps expose your site and users to attacks, eroding trust.

Security › Security Headers

No Content-Security-Policy header found

Security gaps expose your site and users to attacks, eroding trust.

Security › Content Security Policy

Page weighs 28.4 MB (20.4 MB transferred)

Performance issues directly impact user engagement and conversion rates.

Performance › Page Weight Budget

174 third-party resources (100% of weight)

Performance issues directly impact user engagement and conversion rates.

Performance › Page Weight Inventory

View fix priority matrix

Fix Priority Matrix

5 findings

Impact

Quick Wins

High impact, low effort — start here.

Strategic

High impact, requires investment.

Easy Improvements

Small gains, minimal effort.

Nothing in this quadrant — good news.

Deprioritize

Low impact, high effort — do last.

Nothing in this quadrant — good news.

← Low effort High effort →

Embed this badge

Markdown

[![BeaverCheck](https://beavercheck.com/badge?url=https%3A%2F%2Flilly.com)](https://beavercheck.com/results/0af6433c-d71f-4bc2-9ed9-398aba57fad8)

HTML

<a href="https://beavercheck.com/results/0af6433c-d71f-4bc2-9ed9-398aba57fad8"><img src="https://beavercheck.com/badge?url=https%3A%2F%2Flilly.com" alt="BeaverCheck Score"></a>

Image URL

https://beavercheck.com/badge?url=https%3A%2F%2Flilly.com

This badge auto-updates with your latest scan result.

What fixing these means

Your site performs reasonably well, but a few targeted fixes could meaningfully improve results. Your LCP of 27.2s exceeds Google's 2.5s 'Good' threshold and the 2 performance issues below directly contribute to it. Addressing the critical issues below would have the most immediate impact on your user trust.

3 security gaps detected — browsers may warn visitors about your site.

Your LCP is 27.2s — fixing the 2 performance criticals could bring it under Google's 2.5s 'Good' threshold.

Conversion Barriers

2 critical 6 warning

8 barrier(s) likely increasing bounce by ~30%.

Speed (2)

Page takes 27.2s to load

+12% bounce

Users abandon at ~3s — you're 24.7s over the 2.5s threshold

Fix: Optimize render-blocking resources, preload the hero image, and compress images

Page feels frozen for 1.8s

+5% bounce

Clicks on the primary CTA are ignored while JavaScript runs

Fix: Break up long tasks; defer non-critical JavaScript to post-hydration

Trust (2)

No HSTS header

+1% bounce

Returning visitors are briefly exposed to downgrade attacks on first request

Fix: Set Strict-Transport-Security: max-age=31536000; includeSubDomains

No Content-Security-Policy header

+1% bounce

Higher XSS blast radius — one compromised script can exfiltrate the checkout form

Fix: Ship a reporting-only CSP first, then enforce once violations are clean

Content (3)

No Open Graph tags

+2% bounce

Links shared on LinkedIn / Slack / Facebook show bare URLs — referral clicks drop

Fix: Add og:title, og:description, og:image, og:url to the page head

No structured data

+2% bounce

No rich-result eligibility in Google — lower SERP CTR vs competitors with stars and prices

Fix: Add JSON-LD for your page type (Product, Article, FAQPage, LocalBusiness, …)

Thin content

+3% bounce

Under 300 words — visitors bounce looking for substance, search engines rank competitors first

Fix: Add a substantive FAQ, product detail, or case-study section

Navigation (1)

No skip-to-content link

+1% bounce

Keyboard and screen-reader users must tab through the entire header on every page

Fix: Add a visible-on-focus <a href="#main">Skip to content</a> as the first focusable element

Preliminary CRO audit — each barrier links to the tab with detailed analysis.

Return on Investment

$550 investment → $5.14/month returns + USD 150,000 risk avoided

Payback period: > 2 years First-year ROI: -89%

Investment

$550

6h · 5 findings

Monthly returns

$5.14 /mo

~$62 / year

Bandwidth savings $5.14

Regulatory risk avoided

USD 150,000

if kept compliant

ADA Title III USD 150,000

$150 — in quick wins — start here for the fastest payback

Figures combine localized regulatory fine ceilings, search/conversion value priced against local CPC, and bandwidth waste estimates. Results depend on implementation quality and audience composition. Not legal or financial advice.

Full methodology & sources

Estimated Remediation Cost

$550

5.5 developer hours at $100/hr

Based on United States rates ($100/hr)

Quick wins

$150 3 fixes in ~90 minutes

Start here for the best return on investment

Cost by category

Cost by effort level

Adjust assumptions

Custom rate

$ /hr

Rates reflect fully-loaded developer cost including overhead

How developer rates are sourced

What Inaction Is Costing You

$12,505 / month at risk

~$150,062 / year if left unfixed

Compliance Risk

$150,000

ADA Title III

No <nav> landmark found
ADA Title III: USD 25,000 – USD 150,000
Skip navigation link is missing (WCAG 2.4.1)
ADA Title III: USD 25,000 – USD 150,000

Bandwidth Waste

$5.14 /mo

64290.3 MB/mo × 0.080 USD/GB

Optimize transfer: save ~6.4 MB per page load
Saves $5.14/mo

Compliance figures represent the statutory maximum fine for the most severe triggered category, capped per regulation — not the sum of per-finding penalties. Based on published regulatory fine ranges. This is not legal advice.

Compliance methodology · SEO assumptions · Bandwidth model

Your performance is already good — improvements may show diminishing returns

Monthly visitors

Unique monthly visitors from your analytics

Conversion rate (%)

Purchases, signups, or key actions

Avg. order value

Optional — for revenue estimation

additional conversions/month

more engaged visitors from reduced bounce

potential monthly revenue

Current bounce (est.)

After fixes (est.)

Estimated bounce reduction

Fix 4 critical issues to capture this value

How this is calculated

Based on Google/Deloitte research ("Milliseconds Make Millions") showing a ~7% bounce rate increase per additional second of LCP above the 2.5s "Good" threshold.

Your site's LCP: → estimated after fixes.

These are estimates based on industry research — actual results vary

Bounce-rate model & assumptions

Your data stays in your browser — nothing is sent to our servers

Was this report useful?

Thanks for your feedback!

We'll use a cached audit if available, or offer to scan.

Checking for existing audit...

Press ? for shortcuts

Lighthouse Scores

Industry-standard audits powered by Google Lighthouse.

Performance

Accessibility

Best Practices

100

SEO

Core Web Vitals

Key metrics that affect user experience.

First Contentful Paint First Contentful Paint — how long until the browser renders the first piece of content. Under 1.8s is good.

2.05 s

Largest Contentful Paint Largest Contentful Paint — how long until the largest visible element loads. Under 2.5s is good.

27.23 s

Total Blocking Time Total Blocking Time — total time the main thread was blocked, preventing user input. Under 200ms is good.

1.83 s

Cumulative Layout Shift Cumulative Layout Shift — measures visual stability. How much the page layout shifts during loading. Under 0.1 is good.

0.007

Speed Index Speed Index — how quickly content is visually displayed during load. Under 3.4s is good.

13.00 s

Time to Interactive Time to Interactive — how long until the page is fully interactive and responds to user input. Under 3.8s is good.

27.99 s

Detailed Report

Audit breakdown by category with detailed findings.

Performance

Insights

Remove large, duplicate JavaScript modules from bundles to reduce unnecessary bytes consumed by network activity.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile Baseline features, unless you know you must support older browsers. Learn why most sites can deploy ES6+ code without transpiling

Why this matters

Shipping ES5 transpiled code to modern browsers wastes bytes — every user with an evergreen browser pays for compatibility you don't need.

Learn more ▾

Most users today run browsers that natively support ES6+, async/await, optional chaining, and the rest of modern JavaScript. Transpiling to ES5 'just in case' adds 20-40% to your bundle for no benefit. Configure your build to target a modern browserslist, or ship a differential bundle pair (modern + legacy) with the module/nomodule pattern.

Source: Google web.dev / Lighthouse

3rd party code can significantly impact load performance. Reduce and defer loading of 3rd party code to prioritize your page's content.

Why this matters

Performance issues directly impact user engagement and conversion rates.

A long cache lifetime can speed up repeat visits to your page. Learn more about caching.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Request	Cache TTL	Transfer Size
federated-components.unex.lilly.com/vendors.js	300.0 s	1.3 MiB
/adobe/assets/urn:aaid:aem:48315b30-d67f-486a-9c52-54dff8...	600.0 s	251.8 KiB
/adobe/assets/urn:aaid:aem:b1647106-8193-4a27-aa40-5bca04...	600.0 s	237.2 KiB
/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	600.0 s	220.4 KiB
/adobe/assets/urn:aaid:aem:d282873b-f1a4-496b-aa91-6bf834...	600.0 s	129.5 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	3600.0 s	148.2 KiB
/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	600.0 s	122.0 KiB
/adobe/assets/urn:aaid:aem:1f205ed9-7829-4461-a43d-f9b1a3...	600.0 s	105.9 KiB
/adobe/assets/urn:aaid:aem:5ae7ab98-a349-45dd-8e08-2a55fc...	600.0 s	90.6 KiB
/adobe/assets/urn:aaid:aem:3569e588-50ac-4f90-b2f6-ceec7d...	600.0 s	87.8 KiB
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	63.2 KiB
federated-components.unex.lilly.com/react-vendor.js	300.0 s	55.3 KiB
/adobe/assets/urn:aaid:aem:57640a7a-e61f-4180-8bd7-fb2837...	600.0 s	54.4 KiB
/adobe/assets/urn:aaid:aem:16699940-7460-4a1f-81a0-908d02...	600.0 s	52.4 KiB
/adobe/assets/urn:aaid:aem:bf00c577-6e36-4f2d-ba75-703604...	600.0 s	36.7 KiB
cscript-cdn-use.lilly.com/loader.js?1776890095749	0.0 ms	29.9 KiB
federated-components.unex.lilly.com/50.js	300.0 s	25.5 KiB
federated-components.unex.lilly.com/remoteEntry.js	300.0 s	23.4 KiB
/adobe/assets/urn:aaid:aem:0a7b0304-6b54-4e88-ac2b-60972f...	600.0 s	11.1 KiB
/adobe/assets/urn:aaid:aem:4ab9e605-1e9b-46ab-b500-2596a9...	600.0 s	10.8 KiB
cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js	10800.0 s	13.7 KiB
/adobe/assets/urn:aaid:aem:2843cade-80ee-42b6-b285-a1450f...	600.0 s	9.1 KiB
/adobe/assets/urn:aaid:aem:102c45fa-aa6c-4513-9c1c-e6c681...	600.0 s	9.0 KiB
federated-components.unex.lilly.com/InterstitialsWebComponent.js	300.0 s	7.3 KiB
federated-components.unex.lilly.com/FooterWebComponent.js	300.0 s	7.3 KiB
/adobe/assets/urn:aaid:aem:19a75759-301a-4010-9aff-83e4f8...	600.0 s	7.4 KiB
/adobe/assets/urn:aaid:aem:43477b14-155e-451a-97ab-465a42...	600.0 s	7.2 KiB
cscript-cdn-use.lilly.com/templates/Service/template.min.css	0.0 ms	5.8 KiB
federated-components.unex.lilly.com/271.js	300.0 s	4.6 KiB
federated-components.unex.lilly.com/HeaderWebComponent.js	300.0 s	3.7 KiB
federated-components.unex.lilly.com/loader-bootstrap.js	300.0 s	1.2 KiB
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC2ec7f03f92ff43d...	3600.0 s	1.1 KiB
federated-components.unex.lilly.com/component-loader.js	300.0 s	818 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC9bf3877145f3435...	3600.0 s	962 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC35cbd418e9d5431...	3600.0 s	779 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC9a0a3db8fb10404...	3600.0 s	768 B
federated-components.unex.lilly.com/env-config.js	300.0 s	631 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC3756add2692e419...	3600.0 s	730 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC3a67fcc301e8498...	3600.0 s	672 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC6737a5f5956a45b...	3600.0 s	643 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC45ff3a6e8a4a4a8...	3600.0 s	626 B
federated-components.unex.lilly.com/unex-footer-loader.js	300.0 s	361 B
federated-components.unex.lilly.com/unex-interstitials-loader.js	300.0 s	338 B
federated-components.unex.lilly.com/unex-header-loader.js	300.0 s	338 B
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	0 B
/adobe/assets/urn:aaid:aem:57640a7a-e61f-4180-8bd7-fb2837...	600.0 s	0 B
/adobe/assets/urn:aaid:aem:57640a7a-e61f-4180-8bd7-fb2837...	600.0 s	0 B
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	0 B

Your first network request is the most important. Reduce its latency by avoiding redirects, ensuring a fast server response, and enabling text compression.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Each subpart has specific improvement strategies. Ideally, most of the LCP time should be spent on loading the resources, not within delays.

Why this matters

Performance issues directly impact user engagement and conversion rates.

headings: [map[key:label label:Subpart valueType:text] map[key:duration label:Duration valueType:ms]]

items: [map[duration:168.066 label:Time to first byte subpart:timeToFirstByte] map[duration:253.157 label:Resource load delay subpart:resourceLoadDelay] map[duration:783.229 label:Resource load duration subpart:resourceLoadDuration] map[duration:5181.246 label:Element render delay subpart:elementRenderDelay]]

lhId: page-0-VIDEO

nodeLabel: div.primary-hero > div.scroll-container > div.hero-video > video

path: 1,HTML,1,BODY,2,MAIN,0,DIV,0,DIV,0,DIV,0,DIV,0,DIV,1,VIDEO

selector: div.primary-hero > div.scroll-container > div.hero-video > video

snippet: <video autoplay="" loop="" playsinline="" aria-hidden="true">

Optimize LCP by making the LCP image discoverable from the HTML immediately, and avoiding lazy-loading

Why this matters

Performance issues directly impact user engagement and conversion rates.

lhId: page-0-VIDEO

nodeLabel: div.primary-hero > div.scroll-container > div.hero-video > video

path: 1,HTML,1,BODY,2,MAIN,0,DIV,0,DIV,0,DIV,0,DIV,0,DIV,1,VIDEO

selector: div.primary-hero > div.scroll-container > div.hero-video > video

snippet: <video autoplay="" loop="" playsinline="" aria-hidden="true">

Avoid chaining critical requests by reducing the length of chains, reducing the download size of resources, or deferring the download of unnecessary resources to improve page load.

Why this matters

Performance issues directly impact user engagement and conversion rates.

description: [preconnect](https://developer.chrome.com/docs/lighthouse/performance/uses-rel-preconnect/) hints help the browser establish a connection earlier in the page load, saving time when the first request for that origin is made. The following are the origins that the page preconnected to.

title: Preconnected origins

value: no origins were preconnected

description: Add [preconnect](https://developer.chrome.com/docs/lighthouse/performance/uses-rel-preconnect/) hints to your most important origins, but try to use no more than 4.

title: Preconnect candidates

Requests are blocking the page's initial render, which may delay LCP. Deferring or inlining can move these network requests out of the critical path.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Transfer Size	Duration
www.lilly.com/eds/styles/isi.css	2.0 KiB
www.lilly.com/eds/styles/utility.css	717 B
www.lilly.com/eds/lds/lds.css	10.6 KiB	166 ms
www.lilly.com/eds/styles/typography.css	1.8 KiB
www.lilly.com/eds/styles/styles.css	3.9 KiB

Reducing the download time of images can improve the perceived load time of the page and LCP. Learn more about optimizing image size

Why this matters

Performance issues directly impact user engagement and conversion rates.

	URL	Resource Size	Est Savings
Woman drying her face after showering `div.cardcontainer > div.media-carousel-item > div.media-carousel-image-wrapper > img.media-carousel-image`	/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	220.1 KiB	209.8 KiB
Older couple sitting on a living room couch as the woman looks at the man as he… `div.cardcontainer > div.media-carousel-item > div.media-carousel-image-wrapper > img.media-carousel-image`	/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	121.6 KiB	111.3 KiB
Photo of Mary standing in the doorway of her home `ul.video-carousel-itemlist-container > li.video-carousel-item-container > div.video-carousel-content-container > img.video-carousel-image`	/adobe/assets/urn:aaid:aem:1f205ed9-7829-4461-a43d-f9b1a3...	105.5 KiB	16.4 KiB

These insights are also available in the Chrome DevTools Performance Panel - record a trace to view more detailed information.

Time to Interactive is the amount of time it takes for the page to become fully interactive. Learn more about the Time to Interactive metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

TTI

The maximum potential First Input Delay that your users could experience is the duration of the longest task. Learn more about the Maximum Potential First Input Delay metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Redirects introduce additional delays before the page can be loaded. Learn how to avoid page redirects.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 801 ms

URL	Time Spent
lilly.com/	801 ms
www.lilly.com/	0.0 ms

Diagnostics

Minifying JavaScript files can reduce payload sizes and script parse time. Learn how to minify JavaScript.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 5.4 KiB

URL	Transfer Size	Est Savings
www.lilly.com/eds/scripts/aem.js	7.2 KiB	2.9 KiB
www.lilly.com/eds/utils/isi.js	5.9 KiB	2.6 KiB

Reduce unused JavaScript and defer loading scripts until they are required to decrease bytes consumed by network activity. Learn how to reduce unused JavaScript.

Why this matters

Multi-megabyte JavaScript bundles delay every interactive feature on the page.

Learn more ▾

This is the Lighthouse audit fired when too much JS is shipped relative to what executes. The fix isn't a config flag — it requires bundle analysis (webpack-bundle-analyzer, rollup-plugin-visualizer), splitting routes into chunks, lazy-loading off-screen components, and removing unused dependencies. Fundamentally different from minification: minifying reduces byte count, this reduces what's downloaded at all.

Source: Google web.dev / Lighthouse

Estimated savings: 2.4 s 382.5 KiB

URL	Transfer Size	Est Savings
federated-components.unex.lilly.com/vendors.js	1.3 MiB	204.0 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	116.8 KiB	82.0 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	147.9 KiB	51.4 KiB
federated-components.unex.lilly.com/react-vendor.js	55.0 KiB	24.6 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	50.0 KiB	20.6 KiB

Consider reducing the time spent parsing, compiling, and executing JS. You may find delivering smaller JS payloads helps with this. Learn how to reduce Javascript execution time.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Total CPU Time	Script Evaluation	Script Parse
cscript-cdn-use.lilly.com/loader.js?1776890095749	1.9 s	1.6 s	44 ms
federated-components.unex.lilly.com/vendors.js	1.3 s	741 ms	509 ms
Unattributable	750 ms	97 ms	0.0 ms
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	682 ms	611 ms	47 ms
www.lilly.com/eds/utils/carousel.js	419 ms	123 ms	0.5 ms
www.lilly.com/	289 ms	16 ms	0.5 ms
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	193 ms	130 ms	60 ms
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	147 ms	86 ms	19 ms
federated-components.unex.lilly.com/remoteEntry.js	98 ms	73 ms	23 ms
federated-components.unex.lilly.com/react-vendor.js	64 ms	17 ms	12 ms
www.lilly.com/eds/scripts/scripts.js	58 ms	14 ms	0.1 ms

Consider reducing the time spent parsing, compiling and executing JS. You may find delivering smaller JS payloads helps with this. Learn how to minimize main-thread work

Why this matters

Performance issues directly impact user engagement and conversion rates.

Category	Time Spent
Script Evaluation	3.7 s
Other	1.2 s
Script Parsing & Compilation	762 ms
Style & Layout	299 ms
Parse HTML & CSS	138 ms
Garbage Collection	99 ms
Rendering	79 ms

Minifying CSS files can reduce network payload sizes. Learn how to minify CSS.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 72.6 KiB

URL	Transfer Size	Est Savings
@charset "UTF-8"; /* stylelint-disable selector-id-pattern / / * LDS CSS Baseline/Reset * Optim…	149.8 KiB	51.1 KiB
@charset "UTF-8"; /* @elilillyco/design-system-tokens@3.1.0 - Theme: CORE / /* * Do not edit dir…	38.2 KiB	11.7 KiB
@charset "UTF-8"; /* @elilillyco/design-system-tokens@3.1.0 - Theme: CORE / /* * Do not edit dir…	30.3 KiB	9.8 KiB

Reduce unused rules from stylesheets and defer CSS not used for above-the-fold content to decrease bytes consumed by network activity. Learn how to reduce unused CSS.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 80.2 KiB

URL	Transfer Size	Est Savings
@charset "UTF-8"; /* stylelint-disable selector-id-pattern / / * LDS CSS Baseline/Reset * Optim…	149.8 KiB	80.2 KiB

Large network payloads cost users real money and are highly correlated with long load times. Learn how to reduce payload sizes.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Transfer Size
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	16.7 MiB
federated-components.unex.lilly.com/vendors.js	1.3 MiB
/adobe/assets/urn:aaid:aem:48315b30-d67f-486a-9c52-54dff8...	251.8 KiB
/adobe/assets/urn:aaid:aem:b1647106-8193-4a27-aa40-5bca04...	237.2 KiB
/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	220.4 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	148.2 KiB
/adobe/assets/urn:aaid:aem:d282873b-f1a4-496b-aa91-6bf834...	129.5 KiB
/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	122.0 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	117.3 KiB
/adobe/assets/urn:aaid:aem:1f205ed9-7829-4461-a43d-f9b1a3...	105.9 KiB

Set an explicit width and height on image elements to reduce layout shifts and improve CLS. Learn how to set image dimensions

Why this matters

Performance issues directly impact user engagement and conversion rates.

	URL
LillyDirect logo `div.hero > div.container > div.lds-layout-container > img.icon`	/adobe/assets/urn:aaid:aem:4ab9e605-1e9b-46ab-b500-2596a9...

More information about the performance of your application. These numbers don't directly affect the Performance score.

●Layout shift culprits

●Optimize DOM size

●Font display

●Forced reflow

●Modern HTTP

●Optimize viewport for mobile

●Avoid long main-thread tasks 9 long tasks found

●Page didn't prevent back/forward cache restoration

●Network Requests

●Network Round Trip Times 170 ms

●Server Backend Latencies 390 ms

●Tasks

●Diagnostics

●Metrics

●Screenshot Thumbnails

●Final Screenshot

●Script Treemap Data

●Resources Summary

●Initial server response time was short Root document took 50 ms

●Avoid large layout shifts 1 layout shift found

○INP breakdown

○User Timing marks and measures

○Avoid non-composited animations

Accessibility

These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.

ARIA

Using ARIA attributes in roles where they are prohibited can mean that important information is not communicated to users of assistive technologies. Learn more about prohibited ARIA roles.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
dots pagination `div.cards-wrapper > div.cards > div.pagination-wrapper > div.dots-pagination-container`

These are opportunities to improve the usage of ARIA in your application which may enhance the experience for users of assistive technology, like a screen reader.

Visible text labels that do not match the accessible name can result in a confusing experience for screen reader users. Learn more about accessible names.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Get started `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
Get medicine `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
View trials `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
Explore Condition `div.cardcontainer > div.media-carousel-item > div.media-carousel-content > a.media-carousel-cta`
Get medicine `div.container > div.lds-layout-container > div.btn-container > a.cta-button-filled`
Watch patient story `li.video-carousel-item-container > div.video-carousel-content-container > div.video-carousel-content > button.cta-button-filled`
Video Transcript `div.video > div.video-carousel-transcript-footer > div.transcript-container > div.transcript-label-container`
How to spot counterfeits `li.cardcontainer > div.cta-container > div.cta-button-primary > a.cta-text`
Alzheimer’s disease `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`
Research & development `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`
Access & affordability resources `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`

○Interactive controls are keyboard focusable

○Interactive elements indicate their purpose and state

○The page has a logical tab order

○Visual order on the page follows DOM order

○User focus is not accidentally trapped in a region

○The user's focus is directed to new content added to the page

○HTML5 landmark elements are used to improve navigation

○Offscreen content is hidden from assistive technology

○Custom controls have associated labels

○Custom controls have ARIA roles

●`[aria-*]` attributes match their roles

●`[aria-hidden="true"]` is not present on the document `<body>`

●`[role]`s have all required `[aria-*]` attributes

●Elements with an ARIA `[role]` that require children to contain a specific `[role]` have all required children.

●`[role]`s are contained by their required parent element

●`[role]` values are valid

●`[aria-*]` attributes have valid values

●`[aria-*]` attributes are valid and not misspelled

●Buttons have an accessible name

●Image elements have `[alt]` attributes

●`[user-scalable="no"]` is not used in the `<meta name="viewport">` element and the `[maximum-scale]` attribute is not less than 5.

●`button`, `link`, and `menuitem` elements have accessible names

●ARIA attributes are used as specified for the element's role

●Elements with `role="dialog"` or `role="alertdialog"` have accessible names.

●`[aria-hidden="true"]` elements do not contain focusable descendents

●Background and foreground colors have a sufficient contrast ratio

●Document has a `<title>` element

●`<html>` element has a `[lang]` attribute

●`<html>` element has a valid value for its `[lang]` attribute

●Links are distinguishable without relying on color.

●Links have a discernible name

●Lists contain only `<li>` elements and script supporting elements (`<script>` and `<template>`).

●List items (`<li>`) are contained within `<ul>`, `<ol>` or `<menu>` parent elements

●No element has a `[tabindex]` value greater than 0

●Touch targets have sufficient size and spacing.

●Heading elements appear in a sequentially-descending order

●Document has a main landmark.

●Deprecated ARIA roles were not used

●ARIA IDs are unique

●Identical links have the same purpose.

○`[accesskey]` values are unique

○ARIA input fields have accessible names

○ARIA `meter` elements have accessible names

○ARIA `progressbar` elements have accessible names

○Elements with the `role=text` attribute do not have focusable descendents.

○ARIA toggle fields have accessible names

○ARIA `tooltip` elements have accessible names

○ARIA `treeitem` elements have accessible names

○The page contains a heading, skip link, or landmark region

○`<dl>`'s contain only properly-ordered `<dt>` and `<dd>` groups, `<script>`, `<template>` or `<div>` elements.

○Definition list items are wrapped in `<dl>` elements

○No form fields have multiple labels

○`<frame>` or `<iframe>` elements have a title

○`<html>` element has an `[xml:lang]` attribute with the same base language as the `[lang]` attribute.

○Input buttons have discernible text.

○`<input type="image">` elements have `[alt]` text

○Form elements have associated labels

○The document does not use `<meta http-equiv="refresh">`

○`<object>` elements have alternate text

○Select elements have associated label elements.

○Skip links are focusable.

○Cells in a `<table>` element that use the `[headers]` attribute refer to table cells within the same table.

○`<th>` elements and elements with `[role="columnheader"/"rowheader"]` have data cells they describe.

○`[lang]` attributes have a valid value

○`<video>` elements contain a `<track>` element with `[kind="captions"]`

○Tables have different content in the summary attribute and `<caption>`.

○All heading elements contain content.

○Uses ARIA roles only on compatible elements

○Image elements do not have `[alt]` attributes that are redundant text.

○Tables use `<caption>` instead of cells with the `[colspan]` attribute to indicate a caption.

○`<td>` elements in a large `<table>` have one or more table headers.

Best Practices

General

Errors logged to the console indicate unresolved problems. They can come from network request failures and other browser concerns. Learn more about this errors in console diagnostic audit

Why this matters

Performance issues directly impact user engagement and conversion rates.

Source	Description
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.akouosresonate.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.aparito.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.campcaresportal.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.centralizedpaymentservices.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.customerprogramportal.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.dialogforum-demenz.de/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.earlybreastcancer.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.ebcdecisionaid.ca/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.emgality-patient.jp/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.facultyresources.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.kaeyou-dm.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.learnobesity.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lilly360.com.br/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lilly360.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillycardactivation.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillycares.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyclinic.com.sg/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyinvestigatorresearch.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyloxooncologypipeline.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyoncology.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyoncologypipeline.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyoncologysupport.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillypatientesign.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillypatientsupport.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillyrsvp.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lillytempo.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.lrlscience.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.myregistrationc.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.olumiant.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.omvoh.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.otofclinicaltrial.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.protomer.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.reinforcinghope.info/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.reyvow-patient.jp/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.startlilly.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.syrenis.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.talkabouttrials.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.taltz.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.tap.lilly/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.tempoinsights.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.true.lilly/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.vervetrials.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.verzenio.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.voucheraccess.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	Connecting to 'https://ids-use.vsclinicaltrial.com/Home/CreateIdentifier?cassieGuid=91ec3f39-3366-4b68-9438-e4abe3f7771b&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
www.lilly.com/eds/utils/isi.js line 828, col 12	`Error creating ISI component: TypeError: Cannot read properties of null (reading 'classList') at ISI.initializeViewportState (https://www.lilly.com/eds/utils/isi.js:395:17) at ISI.init (https://www.lilly.com/eds/utils/isi.js:777:10) at async createISI (https://www.lilly.com/eds/utils/isi.js:814:23) at async createISIDecorate (https://www.lilly.com/eds/utils/isi.js:849:3)`
www.lilly.com/eds/utils/isi.js line 170, col 14	`Failed to fetch ISI content from primary URL`
www.lilly.com/	Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'self' 'unsafe-eval' https://rum.hlx.page .tapad.com .bing.com .kaltura.com/ .cassiecloud.com https://google-analytics.com https://www.googletagmanager.com .google-analytics.com https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com .turn.com .myadvocado.com .doubleclick.net .google.com .salesforceliveagent.com .gstatic.com .googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net .googleapis.com assets.adobedtm.com assets.ctfassets.net .kisunla.com .soundcloud.com .recaptcha.net https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com bugcrowd.com .assets.bugcrowdusercontent.com https://assets.bugcrowdusercontent.com/assets/packs/external_submissions-b3f69456b390e9020f61ae89e8eec3f6c050062571ce52bcb6fda6d0d81e2828.js .lilly.com .kampyle.com .medallia.com https://cdn.signalfx.com https://llycw.com *.llycw.com https://login.microsoftonline.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cscript-cdn-use-uat.aem.live https://apps.healthgrades.com https://cdn.auth0.com https://cscript-cdn-use-uat.lilly.com https://aim-tag.hcn.health". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
www.lilly.com/eds/scripts/scripts.js line 280, col 4	`ReferenceError: scriptTypeMetaTag is not defined at loadSchemaJson (https://www.lilly.com/eds/scripts/scripts.js:281:5) at loadPage (https://www.lilly.com/eds/scripts/scripts.js:292:3)`

Issues logged to the `Issues` panel in Chrome Devtools indicate unresolved problems. They can come from network request failures, insufficient security controls, and other browser concerns. Open up the Issues panel in Chrome DevTools for more details on each issue.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Issue type
Content security policy

Source maps translate minified code to the original source code. This helps developers debug in production. In addition, Lighthouse is able to provide further insights. Consider deploying source maps to take advantage of these benefits. Learn more about source maps.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Map URL
federated-components.unex.lilly.com/vendors.js
cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js	cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js.map
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js.map
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js.map

●Uses HTTPS

●Avoids deprecated APIs

●Avoids third-party cookies

●Allows users to paste into input fields

●Avoids requesting the geolocation permission on page load

●Avoids requesting the notification permission on page load

●Displays images with correct aspect ratio

●Serves images with appropriate resolution

●Page has the HTML doctype

●Properly defines charset

●Ensure CSP is effective against XSS attacks

●Use a strong HSTS policy

●Ensure proper origin isolation with COOP

●Mitigate clickjacking with XFO or CSP

●Mitigate DOM-based XSS with Trusted Types

●Detected JavaScript libraries

○Redirects HTTP traffic to HTTPS

100

SEO

These checks ensure that your page is following basic search engine optimization advice. There are many additional factors Lighthouse does not score here that may affect your search ranking, including performance on Core Web Vitals. Learn more about Google Search Essentials.

○Structured data is valid

●Page isn’t blocked from indexing

●Document has a `<title>` element

●Document has a meta description

●Page has successful HTTP status code

●Links have descriptive text

●Links are crawlable

●robots.txt is valid

●Image elements have `[alt]` attributes

●Document has a valid `hreflang`

●Document has a valid `rel=canonical`

Lighthouse Scores

Industry-standard audits powered by Google Lighthouse. — Desktop

Performance

100

Accessibility

Best Practices

100

SEO

Core Web Vitals

Key metrics that affect user experience. — Desktop

First Contentful Paint First Contentful Paint — how long until the browser renders the first piece of content. Under 1.8s is good.

663 ms

Largest Contentful Paint Largest Contentful Paint — how long until the largest visible element loads. Under 2.5s is good.

1.06 s

Total Blocking Time Total Blocking Time — total time the main thread was blocked, preventing user input. Under 200ms is good.

374 ms

Cumulative Layout Shift Cumulative Layout Shift — measures visual stability. How much the page layout shifts during loading. Under 0.1 is good.

0.001

Speed Index Speed Index — how quickly content is visually displayed during load. Under 3.4s is good.

3.23 s

Time to Interactive Time to Interactive — how long until the page is fully interactive and responds to user input. Under 3.8s is good.

5.76 s

Detailed Report

Audit breakdown by category with detailed findings.

Performance

Insights

Remove large, duplicate JavaScript modules from bundles to reduce unnecessary bytes consumed by network activity.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Why this matters

Shipping ES5 transpiled code to modern browsers wastes bytes — every user with an evergreen browser pays for compatibility you don't need.

Learn more ▾

Source: Google web.dev / Lighthouse

3rd party code can significantly impact load performance. Reduce and defer loading of 3rd party code to prioritize your page's content.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Your first network request is the most important. Reduce its latency by avoiding redirects, ensuring a fast server response, and enabling text compression.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Optimize LCP by making the LCP image discoverable from the HTML immediately, and avoiding lazy-loading

Why this matters

Performance issues directly impact user engagement and conversion rates.

lhId: page-0-VIDEO

nodeLabel: div.primary-hero > div.scroll-container > div.hero-video > video

path: 1,HTML,1,BODY,2,MAIN,0,DIV,0,DIV,0,DIV,0,DIV,0,DIV,1,VIDEO

selector: div.primary-hero > div.scroll-container > div.hero-video > video

snippet: <video autoplay="" loop="" playsinline="" aria-hidden="true">

Avoid chaining critical requests by reducing the length of chains, reducing the download size of resources, or deferring the download of unnecessary resources to improve page load.

Why this matters

Performance issues directly impact user engagement and conversion rates.

title: Preconnected origins

value: no origins were preconnected

description: Add [preconnect](https://developer.chrome.com/docs/lighthouse/performance/uses-rel-preconnect/) hints to your most important origins, but try to use no more than 4.

title: Preconnect candidates

Requests are blocking the page's initial render, which may delay LCP. Deferring or inlining can move these network requests out of the critical path.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Transfer Size	Duration
www.lilly.com/eds/lds/lds.css	10.6 KiB	56 ms
www.lilly.com/eds/styles/styles.css	3.8 KiB
www.lilly.com/eds/styles/utility.css	712 B
www.lilly.com/eds/styles/typography.css	1.8 KiB
www.lilly.com/eds/styles/isi.css	2.0 KiB

A long cache lifetime can speed up repeat visits to your page. Learn more about caching.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Request	Cache TTL	Transfer Size
federated-components.unex.lilly.com/vendors.js	300.0 s	1.3 MiB
/adobe/assets/urn:aaid:aem:48315b30-d67f-486a-9c52-54dff8...	600.0 s	251.9 KiB
/adobe/assets/urn:aaid:aem:b1647106-8193-4a27-aa40-5bca04...	600.0 s	237.4 KiB
/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	600.0 s	220.6 KiB
/adobe/assets/urn:aaid:aem:d282873b-f1a4-496b-aa91-6bf834...	600.0 s	129.4 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	3600.0 s	148.2 KiB
/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	600.0 s	122.1 KiB
/adobe/assets/urn:aaid:aem:1f205ed9-7829-4461-a43d-f9b1a3...	600.0 s	105.8 KiB
/adobe/assets/urn:aaid:aem:5ae7ab98-a349-45dd-8e08-2a55fc...	600.0 s	90.6 KiB
/adobe/assets/urn:aaid:aem:3569e588-50ac-4f90-b2f6-ceec7d...	600.0 s	87.5 KiB
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	62.9 KiB
federated-components.unex.lilly.com/react-vendor.js	300.0 s	55.2 KiB
/adobe/assets/urn:aaid:aem:57640a7a-e61f-4180-8bd7-fb2837...	600.0 s	54.5 KiB
/adobe/assets/urn:aaid:aem:16699940-7460-4a1f-81a0-908d02...	600.0 s	52.3 KiB
/adobe/assets/urn:aaid:aem:bf00c577-6e36-4f2d-ba75-703604...	600.0 s	36.8 KiB
cscript-cdn-use.lilly.com/loader.js?1776890116591	0.0 ms	29.9 KiB
federated-components.unex.lilly.com/50.js	300.0 s	25.6 KiB
federated-components.unex.lilly.com/remoteEntry.js	300.0 s	23.4 KiB
/adobe/assets/urn:aaid:aem:0a7b0304-6b54-4e88-ac2b-60972f...	600.0 s	11.4 KiB
/adobe/assets/urn:aaid:aem:4ab9e605-1e9b-46ab-b500-2596a9...	600.0 s	10.9 KiB
cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js	10800.0 s	13.7 KiB
/adobe/assets/urn:aaid:aem:2843cade-80ee-42b6-b285-a1450f...	600.0 s	9.0 KiB
/adobe/assets/urn:aaid:aem:102c45fa-aa6c-4513-9c1c-e6c681...	600.0 s	8.9 KiB
federated-components.unex.lilly.com/InterstitialsWebComponent.js	300.0 s	7.3 KiB
federated-components.unex.lilly.com/FooterWebComponent.js	300.0 s	7.3 KiB
/adobe/assets/urn:aaid:aem:19a75759-301a-4010-9aff-83e4f8...	600.0 s	7.2 KiB
/adobe/assets/urn:aaid:aem:43477b14-155e-451a-97ab-465a42...	600.0 s	7.2 KiB
cscript-cdn-use.lilly.com/templates/Service/template.min.css	0.0 ms	5.8 KiB
federated-components.unex.lilly.com/271.js	300.0 s	4.6 KiB
federated-components.unex.lilly.com/HeaderWebComponent.js	300.0 s	3.6 KiB
federated-components.unex.lilly.com/loader-bootstrap.js	300.0 s	1.2 KiB
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC2ec7f03f92ff43d...	3600.0 s	1.1 KiB
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC9bf3877145f3435...	3600.0 s	962 B
federated-components.unex.lilly.com/component-loader.js	300.0 s	774 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC35cbd418e9d5431...	3600.0 s	779 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC9a0a3db8fb10404...	3600.0 s	768 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC3756add2692e419...	3600.0 s	730 B
federated-components.unex.lilly.com/env-config.js	300.0 s	575 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC3a67fcc301e8498...	3600.0 s	672 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC6737a5f5956a45b...	3600.0 s	643 B
/d8c48e012a5d/d1d9cb2d2584/f6914cabdca3/RC45ff3a6e8a4a4a8...	3600.0 s	626 B
federated-components.unex.lilly.com/unex-footer-loader.js	300.0 s	351 B
federated-components.unex.lilly.com/unex-interstitials-loader.js	300.0 s	338 B
federated-components.unex.lilly.com/unex-header-loader.js	300.0 s	338 B
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	0 B
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	600.0 s	0 B
/adobe/assets/urn:aaid:aem:57640a7a-e61f-4180-8bd7-fb2837...	600.0 s	0 B

Reducing the download time of images can improve the perceived load time of the page and LCP. Learn more about optimizing image size

Why this matters

Performance issues directly impact user engagement and conversion rates.

	URL	Resource Size	Est Savings
Woman drying her face after showering `div.cardcontainer > div.media-carousel-item > div.media-carousel-image-wrapper > img.media-carousel-image`	/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	220.1 KiB	197.8 KiB
Older couple sitting on a living room couch as the woman looks at the man as he… `div.cardcontainer > div.media-carousel-item > div.media-carousel-image-wrapper > img.media-carousel-image`	/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	121.6 KiB	109.4 KiB
Woman with cancer wearing a headwrap and staring out a sunny window `div.cardcontainer > div.media-carousel-item > div.media-carousel-image-wrapper > img.media-carousel-image`	/adobe/assets/urn:aaid:aem:3569e588-50ac-4f90-b2f6-ceec7d...	87.2 KiB	76.8 KiB
Photo of Mary standing in the doorway of her home `ul.video-carousel-itemlist-container > li.video-carousel-item-container > div.video-carousel-content-container > img.video-carousel-image`	/adobe/assets/urn:aaid:aem:1f205ed9-7829-4461-a43d-f9b1a3...	105.5 KiB	17.9 KiB

These insights are also available in the Chrome DevTools Performance Panel - record a trace to view more detailed information.

Redirects introduce additional delays before the page can be loaded. Learn how to avoid page redirects.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 245 ms

URL	Time Spent
lilly.com/	245 ms
www.lilly.com/	0.0 ms

Time to Interactive is the amount of time it takes for the page to become fully interactive. Learn more about the Time to Interactive metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

TTI

The maximum potential First Input Delay that your users could experience is the duration of the longest task. Learn more about the Maximum Potential First Input Delay metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Diagnostics

Minifying CSS files can reduce network payload sizes. Learn how to minify CSS.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 72.6 KiB

URL	Transfer Size	Est Savings
@charset "UTF-8"; /* stylelint-disable selector-id-pattern / / * LDS CSS Baseline/Reset * Optim…	149.8 KiB	51.1 KiB
@charset "UTF-8"; /* @elilillyco/design-system-tokens@3.1.0 - Theme: CORE / /* * Do not edit dir…	38.2 KiB	11.7 KiB
@charset "UTF-8"; /* @elilillyco/design-system-tokens@3.1.0 - Theme: CORE / /* * Do not edit dir…	30.3 KiB	9.8 KiB

Minifying JavaScript files can reduce payload sizes and script parse time. Learn how to minify JavaScript.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 5.4 KiB

URL	Transfer Size	Est Savings
www.lilly.com/eds/scripts/aem.js	7.2 KiB	2.9 KiB
www.lilly.com/eds/utils/isi.js	5.9 KiB	2.6 KiB

Reduce unused rules from stylesheets and defer CSS not used for above-the-fold content to decrease bytes consumed by network activity. Learn how to reduce unused CSS.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Estimated savings: 0.0 ms 80.2 KiB

URL	Transfer Size	Est Savings
@charset "UTF-8"; /* stylelint-disable selector-id-pattern / / * LDS CSS Baseline/Reset * Optim…	149.8 KiB	80.2 KiB

Reduce unused JavaScript and defer loading scripts until they are required to decrease bytes consumed by network activity. Learn how to reduce unused JavaScript.

Why this matters

Multi-megabyte JavaScript bundles delay every interactive feature on the page.

Learn more ▾

Source: Google web.dev / Lighthouse

Estimated savings: 0.0 ms 382.9 KiB

URL	Transfer Size	Est Savings
federated-components.unex.lilly.com/vendors.js	1.3 MiB	204.0 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	116.8 KiB	82.2 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	147.9 KiB	51.4 KiB
federated-components.unex.lilly.com/react-vendor.js	55.0 KiB	24.8 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	50.0 KiB	20.6 KiB

Large network payloads cost users real money and are highly correlated with long load times. Learn how to reduce payload sizes.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Transfer Size
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	27.2 MiB
federated-components.unex.lilly.com/vendors.js	1.3 MiB
/adobe/assets/urn:aaid:aem:48315b30-d67f-486a-9c52-54dff8...	251.9 KiB
/adobe/assets/urn:aaid:aem:b1647106-8193-4a27-aa40-5bca04...	237.4 KiB
/adobe/assets/urn:aaid:aem:4fb71091-0def-4552-b593-0b927e...	220.6 KiB
assets.adobedtm.com/d8c48e012a5d/d1d9cb2d2584/launch-2af93aba9257.min.js	148.2 KiB
/adobe/assets/urn:aaid:aem:d282873b-f1a4-496b-aa91-6bf834...	129.4 KiB
/adobe/assets/urn:aaid:aem:54c9067d-f229-4d08-8749-969fd5...	122.1 KiB
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	117.3 KiB
/adobe/assets/urn:aaid:aem:2b1168e1-3707-436a-ab96-90ab2e...	110.1 KiB

Set an explicit width and height on image elements to reduce layout shifts and improve CLS. Learn how to set image dimensions

Why this matters

Performance issues directly impact user engagement and conversion rates.

	URL
LillyDirect logo `div.hero > div.container > div.lds-layout-container > img.icon`	/adobe/assets/urn:aaid:aem:4ab9e605-1e9b-46ab-b500-2596a9...

More information about the performance of your application. These numbers don't directly affect the Performance score.

●Layout shift culprits

●Optimize DOM size

●Font display

●Forced reflow

●LCP breakdown

●Modern HTTP

●Optimize viewport for mobile

●JavaScript execution time 1.0 s

●Minimizes main-thread work 1.8 s

●Avoid long main-thread tasks 4 long tasks found

●Page didn't prevent back/forward cache restoration

●Network Requests

●Network Round Trip Times 180 ms

●Server Backend Latencies 460 ms

●Tasks

●Diagnostics

●Metrics

●Screenshot Thumbnails

●Final Screenshot

●Script Treemap Data

●Resources Summary

●Initial server response time was short Root document took 150 ms

●Avoid large layout shifts 2 layout shifts found

○INP breakdown

○User Timing marks and measures

○Avoid non-composited animations

100

Accessibility

Visible text labels that do not match the accessible name can result in a confusing experience for screen reader users. Learn more about accessible names.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Get started `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
Get medicine `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
View trials `div.text-component-wrapper > div.text-component > div.cta-button > a.cta-button-filled`
Explore Condition `div.cardcontainer > div.media-carousel-item > div.media-carousel-content > a.media-carousel-cta`
Get medicine `div.container > div.lds-layout-container > div.btn-container > a.cta-button-filled`
Watch patient story `li.video-carousel-item-container > div.video-carousel-content-container > div.video-carousel-content > button.cta-button-filled`
Video Transcript `div.video > div.video-carousel-transcript-footer > div.transcript-container > div.transcript-label-container`
How to spot counterfeits `li.cardcontainer > div.cta-container > div.cta-button-primary > a.cta-text`
What is genetic medicine `li.cardcontainer > div.cta-container > div.cta-button-primary > a.cta-text`
Alzheimer’s disease `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`
Research & development `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`
Access & affordability resources `div.link-list > ul.link-list__items > li.link-list__item > a.link-footer`

○Interactive controls are keyboard focusable

○Interactive elements indicate their purpose and state

○The page has a logical tab order

○Visual order on the page follows DOM order

○User focus is not accidentally trapped in a region

○The user's focus is directed to new content added to the page

○HTML5 landmark elements are used to improve navigation

○Offscreen content is hidden from assistive technology

○Custom controls have associated labels

○Custom controls have ARIA roles

●`[aria-*]` attributes match their roles

●`[aria-hidden="true"]` is not present on the document `<body>`

●`[role]`s have all required `[aria-*]` attributes

●Elements with an ARIA `[role]` that require children to contain a specific `[role]` have all required children.

●`[role]`s are contained by their required parent element

●`[role]` values are valid

●`[aria-*]` attributes have valid values

●`[aria-*]` attributes are valid and not misspelled

●Buttons have an accessible name

●Image elements have `[alt]` attributes

●`[user-scalable="no"]` is not used in the `<meta name="viewport">` element and the `[maximum-scale]` attribute is not less than 5.

●`button`, `link`, and `menuitem` elements have accessible names

●ARIA attributes are used as specified for the element's role

●Elements with `role="dialog"` or `role="alertdialog"` have accessible names.

●`[aria-hidden="true"]` elements do not contain focusable descendents

●Elements use only permitted ARIA attributes

●Background and foreground colors have a sufficient contrast ratio

●Document has a `<title>` element

●`<html>` element has a `[lang]` attribute

●`<html>` element has a valid value for its `[lang]` attribute

●Links are distinguishable without relying on color.

●Links have a discernible name

●Lists contain only `<li>` elements and script supporting elements (`<script>` and `<template>`).

●List items (`<li>`) are contained within `<ul>`, `<ol>` or `<menu>` parent elements

●No element has a `[tabindex]` value greater than 0

●Touch targets have sufficient size and spacing.

●Heading elements appear in a sequentially-descending order

●Document has a main landmark.

●Deprecated ARIA roles were not used

●ARIA IDs are unique

●Identical links have the same purpose.

○`[accesskey]` values are unique

○ARIA input fields have accessible names

○ARIA `meter` elements have accessible names

○ARIA `progressbar` elements have accessible names

○Elements with the `role=text` attribute do not have focusable descendents.

○ARIA toggle fields have accessible names

○ARIA `tooltip` elements have accessible names

○ARIA `treeitem` elements have accessible names

○The page contains a heading, skip link, or landmark region

○`<dl>`'s contain only properly-ordered `<dt>` and `<dd>` groups, `<script>`, `<template>` or `<div>` elements.

○Definition list items are wrapped in `<dl>` elements

○No form fields have multiple labels

○`<frame>` or `<iframe>` elements have a title

○`<html>` element has an `[xml:lang]` attribute with the same base language as the `[lang]` attribute.

○Input buttons have discernible text.

○`<input type="image">` elements have `[alt]` text

○Form elements have associated labels

○The document does not use `<meta http-equiv="refresh">`

○`<object>` elements have alternate text

○Select elements have associated label elements.

○Skip links are focusable.

○Cells in a `<table>` element that use the `[headers]` attribute refer to table cells within the same table.

○`<th>` elements and elements with `[role="columnheader"/"rowheader"]` have data cells they describe.

○`[lang]` attributes have a valid value

○`<video>` elements contain a `<track>` element with `[kind="captions"]`

○Tables have different content in the summary attribute and `<caption>`.

○All heading elements contain content.

○Uses ARIA roles only on compatible elements

○Image elements do not have `[alt]` attributes that are redundant text.

○Tables use `<caption>` instead of cells with the `[colspan]` attribute to indicate a caption.

○`<td>` elements in a large `<table>` have one or more table headers.

Best Practices

General

Errors logged to the console indicate unresolved problems. They can come from network request failures and other browser concerns. Learn more about this errors in console diagnostic audit

Why this matters

Performance issues directly impact user engagement and conversion rates.

Source	Description
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.akouosresonate.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.aparito.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.campcaresportal.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.centralizedpaymentservices.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.customerprogramportal.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.dialogforum-demenz.de/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.earlybreastcancer.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.ebcdecisionaid.ca/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.emgality-patient.jp/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.facultyresources.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.kaeyou-dm.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.learnobesity.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lilly360.com.br/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lilly360.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillycardactivation.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillycares.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyclinic.com.sg/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyinvestigatorresearch.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyloxooncologypipeline.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyoncology.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyoncologypipeline.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyoncologysupport.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillypatientesign.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillypatientsupport.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillyrsvp.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lillytempo.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.lrlscience.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.myregistrationc.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.olumiant.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.omvoh.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.otofclinicaltrial.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.protomer.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.reinforcinghope.info/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.reyvow-patient.jp/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.startlilly.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.syrenis.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.talkabouttrials.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.taltz.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.tap.lilly/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.tempoinsights.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.true.lilly/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.vervetrials.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.verzenio.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.voucheraccess.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
cscript-cdn-use.lilly.com/loader.js?1776890116591	Connecting to 'https://ids-use.vsclinicaltrial.com/Home/CreateIdentifier?cassieGuid=c13128ee-ce8c-4820-8fef-b62c05e7e73d&accessKey=a363400f-dda7-4d1b-8731-df252632081a&expiryDays=365' violates the following Content Security Policy directive: "default-src 'self' .tapad.com .bing.com .lilly.com https://www.medtargetsystem.com https://collection.decibelinsight.net/i/14208/3005197/c.json https://photos.healthgrades.com https://www.google.com https://fonts.gstatic.com https://.hcn.health https://trc.lhmos.com https://.deepintent.com https://secure.adnxs.com https://.adsrvr.org https://.casalemedia.com https://id5-sync.com .adobeaemcloud.com https://cscript-cdn-use-uat.cassiecloud.com https://rum-ingest.us1.signalfx.com https://edge.adobedc.net https://adobedc.demdex.net https://www.google-analytics.com https://lilly.tt.omtrdc.net https://di.rlcdn.com https://image.thriveglobal.com https://llycw.com *.llycw.com data: https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cdn.signalfx.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.
www.lilly.com/eds/utils/isi.js line 828, col 12	`Error creating ISI component: TypeError: Cannot read properties of null (reading 'style') at ISI.initializeViewportState (https://www.lilly.com/eds/utils/isi.js:411:17) at ISI.init (https://www.lilly.com/eds/utils/isi.js:777:10) at async createISI (https://www.lilly.com/eds/utils/isi.js:814:23) at async createISIDecorate (https://www.lilly.com/eds/utils/isi.js:849:3)`
www.lilly.com/eds/utils/isi.js line 170, col 14	`Failed to fetch ISI content from primary URL`
www.lilly.com/	Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'self' 'unsafe-eval' https://rum.hlx.page .tapad.com .bing.com .kaltura.com/ .cassiecloud.com https://google-analytics.com https://www.googletagmanager.com .google-analytics.com https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com .turn.com .myadvocado.com .doubleclick.net .google.com .salesforceliveagent.com .gstatic.com .googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net .googleapis.com assets.adobedtm.com assets.ctfassets.net .kisunla.com .soundcloud.com .recaptcha.net https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com bugcrowd.com .assets.bugcrowdusercontent.com https://assets.bugcrowdusercontent.com/assets/packs/external_submissions-b3f69456b390e9020f61ae89e8eec3f6c050062571ce52bcb6fda6d0d81e2828.js .lilly.com .kampyle.com .medallia.com https://cdn.signalfx.com https://llycw.com *.llycw.com https://login.microsoftonline.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://clientapi.api.decibel.com https://cscript-cdn-use-uat.aem.live https://apps.healthgrades.com https://cdn.auth0.com https://cscript-cdn-use-uat.lilly.com https://aim-tag.hcn.health". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
www.lilly.com/eds/scripts/scripts.js line 280, col 4	`ReferenceError: scriptTypeMetaTag is not defined at loadSchemaJson (https://www.lilly.com/eds/scripts/scripts.js:281:5) at loadPage (https://www.lilly.com/eds/scripts/scripts.js:292:3)`

Why this matters

Performance issues directly impact user engagement and conversion rates.

Issue type
Content security policy

Why this matters

Performance issues directly impact user engagement and conversion rates.

URL	Map URL
federated-components.unex.lilly.com/vendors.js
cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js	cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js.map
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js	cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web.js.map
cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js	cdn.signalfx.com/o11y-gdi-rum/v0.24.0/splunk-otel-web-session-recorder.js.map

●Uses HTTPS

●Avoids deprecated APIs

●Avoids third-party cookies

●Allows users to paste into input fields

●Avoids requesting the geolocation permission on page load

●Avoids requesting the notification permission on page load

●Displays images with correct aspect ratio

●Serves images with appropriate resolution

●Page has the HTML doctype

●Properly defines charset

●Ensure CSP is effective against XSS attacks

●Use a strong HSTS policy

●Ensure proper origin isolation with COOP

●Mitigate clickjacking with XFO or CSP

●Mitigate DOM-based XSS with Trusted Types

●Detected JavaScript libraries

○Redirects HTTP traffic to HTTPS

100

SEO

○Structured data is valid

●Page isn’t blocked from indexing

●Document has a `<title>` element

●Document has a meta description

●Page has successful HTTP status code

●Links have descriptive text

●Links are crawlable

●robots.txt is valid

●Image elements have `[alt]` attributes

●Document has a valid `hreflang`

●Document has a valid `rel=canonical`

Results for https://lilly.com

Site Health

How you compare

Top Priorities (5)

Fix Priority Matrix

Quick Wins

Strategic

Easy Improvements

Deprioritize

What fixing these means

Conversion Barriers

Speed (2)

Trust (2)

Content (3)

Navigation (1)

Return on Investment

Investment

Monthly returns

Regulatory risk avoided

Estimated Remediation Cost

Cost by category

Cost by effort level

What Inaction Is Costing You

Compliance Risk

Bandwidth Waste

Lighthouse Scores

Core Web Vitals

Detailed Report

Performance

Insights

Diagnostics

Accessibility

ARIA

Best Practices

General

SEO

Lighthouse Scores

Core Web Vitals

Detailed Report

Performance

Insights

Diagnostics

Accessibility

Best Practices

General

SEO

Keyboard Shortcuts